*Just a reminder, the hiring manager is looking for a very technical
professional with demonstrated knowledge of running web application testing
tools (e.g., Cenzic Hailstorm/HP WebInspect), identifying vulnerabilities
as per SANS 25 or OWASP Top 10 specifications and helping develop platform
specific remediation plans. Additional job requirement details below.
*
*Job Title: Information Security Engineer – Level II (5+Years)
Department/Division: OIS
Language Preferences: English [Essential]
Appointment Term: 6 (six) months – subject to renewal
Location: Washington, DC
Duties and Accountability
The contractor will have responsibilities for specific individual tasks and
for working as an integral part of the team in executing OIS’s work program.
Specific responsibilities include:
· Review scanner reports and work with the line of business development
teams to remediate issues following a risk based approach.
· Work with Threat and Vulnerability team and network operations team to
mitigate vulnerabilities through recommending and monitoring of remediation
activities.
· Perform automated system vulnerability assessment scans using various web
and application vulnerability scanners, analyze reports and assist IT staff
with remediation efforts.
· Perform manual vulnerability assessment and penetration testing of
applications, produce report and assist with remediation.
· Analyze existing and proposed processes and products and produce technical
accreditation reports.
· Interface with scanning vendors and the development teams to prepare C&A
requests, oversee vendor scanning, interpreting results and discussing
remediation recommendations with development teams.
· Perform risk assessments of new C&A requests to determine the level of
testing and verification required.
· Coordinate web application testing activities with external managed
service provider.
· Assist with the security vulnerability evaluation of proposed
implementation of COTS solutions.
Selection Criteria
1. Academic/professional training to at least a Bachelor’s Degree or its
international equivalent, preferably in Computer Science, or Computer
Engineering;
2. At least 3 years of practice as an Information Security Engineer;
3. Extensive knowledge of IT, enterprise architecture, software development
life cycle, and information security platforms and applications;
4. Ability to work well under pressure and to meet tight deadlines.
Demonstrates a high level of motivation, confidence, integrity and
responsibility;
5. Ability to be organized, responsive and to be able to effectively
multi-task with a focus on driving results;
6. Demonstrated knowledge of running web application testing tools (e.g.,
Cenzic Hailstorm/HP WebInspect), identifying vulnerabilities as per SANS
25 or OWASP Top 10 specifications and helping develop platform specific
remediation plan;
7. Proven level of understanding of web application technologies and
database management systems and related security concepts;
8. In-depth knowledge of common website vulnerabilities such as SQL
injection, cross-site scripting, remote/local file inclusion, etc.; in-depth
knowledge of common website exploit techniques such as character encoding,
privilege escalation, directory traversal, etc.
9. Demonstrable skills in identifying and mitigating security weaknesses,
and incorporating security into enterprise software development lifecycles;
10. Possession of industry certifications highly preferred including, but
not limited to, Certified Information Systems Security Professional (CISSP),
Certified Information Security Manager (CISM), Global Information Assurance
Certification (GIAC), and Information Systems Security Management
Professional (ISSMP).
11. Demonstrate excellent interpersonal skills, including the ability to
work independently, effectively in a team/task force as a team member or
leader, and with senior staff and managers in the unit and elsewhere in the
WBG.
12. Ability to collaborate with senior management stakeholders to identify
requirements and drive compliance with approved standards.*
Thanks & Regards
*Gopal Yash*
*CyberTec, Inc.,*
11710 Plaza America Drive, Suite 2000, Reston, Virginia – 20190
Fax: 866-515-7595
Email: go...@cy-tec.com <mo...@cy-tec.com>
www.cy-tec.com